Many firewalls support the installation of certificates to enable traffic decryption, allowing for threat inspection.
Decryption can occur on both ingress and egress traffic. For ingress traffic, the firewall protects servers from incoming threats, while for egress traffic, it safeguards users and systems communicating outward.
The firewall typically avoids decrypting traffic related to healthcare and financial data due to privacy and other implications. Decrypting traffic also requires additional effort from the organization, which must distribute to clients the keys that the firewall uses for decryption.
Note: Recall that egress traffic refers to data leaving the network, while ingress traffic pertains to data entering the network.
Some traffic cannot be decrypted or fully understood by the firewall. This may occur for various reasons, such as proprietary applications transmitting data that the firewall cannot recognize. Such traffic may be categorized as “unknown.” Firewall administrators should consider blocking these applications, particularly on networks deemed high-risk.
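The decryption exclusions and the handling of "unknown" traffic described above can be modeled as a first-match rule list. This added example is not from the original page or any vendor's product, and it goes one step beyond the text by also flagging exclusion rules that an earlier catch-all rule makes unreachable. The rule names, category labels, the `high_risk` flag and the action strings are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    direction: Optional[str]  # "ingress", "egress", or None for either
    category: Optional[str]   # site category, or None for any
    decrypt: bool

@dataclass(frozen=True)
class Flow:
    direction: str
    category: str
    app: str         # "unknown" when the firewall cannot identify the application
    high_risk: bool  # administrator's label for the network (assumption)

DEFAULT = Rule("implicit-no-decrypt", None, None, False)

def covers(rule_dir, rule_cat, direction, category):
    """True when a rule's selectors include the given direction and category."""
    return rule_dir in (None, direction) and rule_cat in (None, category)

def evaluate(rules, flow):
    """First matching rule wins. Returns (rule name, decrypted?, action)."""
    rule = next((r for r in rules
                 if covers(r.direction, r.category, flow.direction, flow.category)), DEFAULT)
    if flow.app == "unknown" and flow.high_risk:
        action = "block"              # unrecognised traffic on a high-risk network
    elif rule.decrypt:
        action = "inspect"            # payload is visible to threat inspection
    else:
        action = "allow-uninspected"  # left encrypted, e.g. a privacy exclusion
    return rule.name, rule.decrypt, action

def shadowed(rules):
    """Names of rules that can never match because an earlier rule covers them."""
    return [r.name for i, r in enumerate(rules)
            if any(covers(e.direction, e.category, r.direction, r.category) for e in rules[:i])]

# Constructed policies: exclusions first (GOOD) versus a catch-all first (BAD).
EXCLUSIONS = [Rule("no-decrypt-healthcare", None, "healthcare", False),
              Rule("no-decrypt-financial", None, "financial", False)]
GOOD = EXCLUSIONS + [Rule("decrypt-egress", "egress", None, True),
                     Rule("decrypt-ingress", "ingress", None, True)]
BAD = [Rule("decrypt-all", None, None, True)] + EXCLUSIONS

if __name__ == "__main__":
    bank = Flow("egress", "financial", "web-browsing", False)
    print(evaluate(GOOD, bank), evaluate(BAD, bank), shadowed(BAD))
```

With the catch-all rule first, the financial flow is decrypted even though an exclusion exists further down the list, which is the ordering mistake `shadowed` reports.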
While firewalls are effective, they often lack a comprehensive understanding of specific protocols. This limitation has led to the development of protocol-specific firewalls, with Web Application Firewalls (WAF) being among the most common.
WAFs offer features tailored to the HTTP protocol, enhancing their ability to block threats. In addition to threat prevention, WAFs provide several valuable utilities for organizations, including:
Note: WAFs are specialized firewalls designed to address threats specifically related to the HTTP protocol. They also typically include features that are highly convenient for administrators.